package net.appsec.webapp.interceptor;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

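/**
 * Spring MVC interceptor that requires a logged-in session for protected URLs
 * and marks every response it sees as non-cacheable.
 *
 * <p>The login check runs in {@link #preHandle}, so the chain is stopped
 * <em>before</em> the controller executes. Enforcing it in {@code postHandle}
 * would let the handler run (and perform its side effects) for anonymous
 * requests and only swap the response afterwards.
 *
 * <p>Configuration:
 * <ul>
 * <li>{@code excludeURL}: regular expression; matching requests are never
 * checked.</li>
 * <li>{@code interceptorURL}: regular expression; matching requests require a
 * login. When unset, every non-excluded request requires a login.</li>
 * </ul>
 *
 * <p>NOTE(review): because the check runs before the handler, the request that
 * establishes the session (the login action) must match {@code excludeURL} or
 * fall outside {@code interceptorURL}. Confirm this against the deployed
 * configuration.
 *
 * <p>NOTE(review): both patterns are matched against
 * {@code request.getRequestURL()}, which includes the scheme and host as well
 * as the path exactly as the client sent it (not normalized). Keep the
 * patterns fully anchored and as narrow as possible; loose suffix or substring
 * patterns in {@code excludeURL} can exempt more URLs than intended.
 */
public class SecurityInterceptor extends HandlerInterceptorAdapter {
	/** Session attribute whose presence marks the session as logged in. */
	private static final String SESSION_ATTRIBUTE = "session_customer";

	/** Resource that requests without a login are forwarded to. */
	private static final String LOGIN_PAGE = "/index.jsp";

	private String interceptorURL;
	private String excludeURL;

	/**
	 * @param interceptorURL regular expression selecting the request URLs that
	 *            require a login; {@code null} means all non-excluded URLs
	 */
	public void setInterceptorURL(String interceptorURL) {
		this.interceptorURL = interceptorURL;
	}

	/**
	 * @param excludeURL regular expression selecting the request URLs that are
	 *            exempt from the login check; {@code null} means no exemption
	 */
	public void setExcludeURL(String excludeURL) {
		this.excludeURL = excludeURL;
	}

	/**
	 * Sets the no-cache headers and enforces the login requirement before the
	 * handler is invoked.
	 *
	 * @return {@code true} to continue with the handler; {@code false} after
	 *         the request has been forwarded to the login page
	 * @throws Exception if forwarding to the login page fails
	 */
	@Override
	public boolean preHandle(HttpServletRequest request,
			HttpServletResponse response, Object handler) throws Exception {
		// Set early so the headers are present even if the handler commits
		// the response itself.
		applyNoCacheHeaders(response);

		if (!requiresLogin(request) || isLoggedIn(request)) {
			return true;
		}

		// Fail closed: the handler never runs for an anonymous request.
		request.getRequestDispatcher(LOGIN_PAGE).forward(request, response);
		return false;
	}

	/**
	 * Re-applies the no-cache headers after the handler has run, so that they
	 * replace any caching headers the handler set. Has no effect once the
	 * response is committed.
	 */
	@Override
	public void postHandle(HttpServletRequest request,
			HttpServletResponse response, Object handler,
			ModelAndView modelAndView) throws Exception {
		applyNoCacheHeaders(response);
	}

	/**
	 * Writes the headers that tell clients and proxies to revalidate before
	 * reusing the response. {@code no-cache} still permits storing it; use
	 * {@code no-store} if the pages must never be written to a cache.
	 */
	private static void applyNoCacheHeaders(HttpServletResponse response) {
		response.setHeader("Cache-Control", "no-cache");
		response.setHeader("Pragma", "no-cache");
		response.setDateHeader("Expires", 0L);
	}

	/**
	 * Decides whether the request URL is subject to the login check: excluded
	 * URLs never are, and everything else is when no {@code interceptorURL} is
	 * configured or the URL matches it.
	 */
	private boolean requiresLogin(HttpServletRequest request) {
		String requestURL = request.getRequestURL().toString();
		if ((this.excludeURL != null) && requestURL.matches(this.excludeURL)) {
			return false;
		}
		return (this.interceptorURL == null)
				|| requestURL.matches(this.interceptorURL);
	}

	/**
	 * Reports whether the request belongs to a session that carries the login
	 * attribute. Uses {@code getSession(false)} so that anonymous requests do
	 * not cause a new session to be created just for this check.
	 */
	private static boolean isLoggedIn(HttpServletRequest request) {
		javax.servlet.http.HttpSession session = request.getSession(false);
		return (session != null)
				&& (session.getAttribute(SESSION_ATTRIBUTE) != null);
	}
}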